[Cryptography] The Crypto Pi

Ralf Senderek crypto at senderek.ie
Mon Jan 26 13:59:08 EST 2015

On Mon, 26 Jan 2015 14:12:29 iang wrote:

>  On 25/01/2015 16:35 pm, Ralf Senderek wrote:
> >  When I read bytes from /dev/random with dd and immediately check this
> >  file again, n bits are missing as a result of the read operation.
> >  So, IMHO, the whole system now has less entropy to feed to /dev/random.
> >  Am I wrong, when I assume that if the content of entropy_avail drops to
> >  zero, /dev/random is supposed to block?
>  Once upon a time, it might have meant that.  Now it doesn't.
>  What it "means" is more to do with whatever is implemented by the 
>  unix system you are using, and
>  as it happens, Linux and BSD do differently.  So meaning is out the window,
>  we're back to implementation.
>  My advice:  applications should use /dev/urandom.

I won't follow your advice, because for the Crypto Pi I want high-quality
keys with a reliable amount of entropy in each of them, not only
pseudo-random numbers. From which source I can draw the keys is unclear
at the moment, because /dev/random seems to work very differently on
the platforms in question. But without a reliable measurement of the
randomness there is no answer whether the key is good enough or not.
I'm not convinced that the entropy-avail file is entirely useless. though.

I agree that we're in implementation land already, and in the end we
have to assess a working system and not a mathematical notion.


More information about the cryptography mailing list